Skip to content
Medium Published: Jul 31, 2017 Modified: Apr 20, 2025

CVE-2017-1370

4.9 CVSS Score Medium
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Export CVE-2017-1370 Data:
Share:
Link copied!

Description

IBM Jazz Reporting Service (JRS) 5.0 and 6.0 could disclose sensitive information, including user credentials, through an error message from the Report Builder administrator configuration page. IBM X-Force ID: 126863.

CVSS Vector Details

Attack Vector Network
Attack Complexity Low
Privileges Required High
User Interaction None
Scope Unchanged
Confidentiality High
Integrity None
Availability None

Affected Software Configurations

  • a ibm jazz_reporting_service 5.0 * * * * * * *
  • a ibm jazz_reporting_service 5.0.1 * * * * * * *
  • a ibm jazz_reporting_service 5.0.2 * * * * * * *
  • a ibm jazz_reporting_service 6.0 * * * * * * *
  • a ibm jazz_reporting_service 6.0.1 * * * * * * *
  • a ibm jazz_reporting_service 6.0.2 * * * * * * *
  • a ibm jazz_reporting_service 6.0.3 * * * * * * *
  • a ibm jazz_reporting_service 6.0.4 * * * * * * *

Weaknesses (CWE)

  • CWE-209

References & External Links

External Resources

NVD Official Record Exploit-DB Search Exploits CVE Details Statistics GitHub PoC / Tools X / Twitter Discussions Google Search More

Related Vulnerabilities

CVE-2000-1191 CVSS 0 Same weakness: CWE-209 CVE-2010-3332 CVSS 0 Same weakness: CWE-209 CVE-2017-7945 CVSS 0 Same weakness: CWE-209 CVE-2018-2379 CVSS 0 Same weakness: CWE-209 CVE-2018-11325 CVSS 0 Same weakness: CWE-209

CVE History Timeline

Aug 02, 2017 01:29 CVE Modified
Aug 03, 2017 15:44 Initial Analysis
Aug 08, 2017 01:34 CVE Modified
Oct 03, 2019 00:03 CWE Remap
May 14, 2024 04:33 CVE Modified
Nov 21, 2024 03:21 CVE Modified
← Back to CVE Tracker